CVE-2020-11024

Опубликовано: 29 апр. 2020

Источник: nvd

CVSS3: 6.1

CVSS3: 8.2

CVSS2: 4.9

EPSS Низкий

Описание

In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable to a man-in-the-middle attack. The bug has been fixed in Moonlight v4.0.1 for iOS and tvOS.

Ссылки

https://github.com/moonlight-stream/moonlight-ios/commit/b0149b2fe9125a77ee11fe133382673694b6e8cc
Patch
Third Party Advisory
https://github.com/moonlight-stream/moonlight-ios/pull/405
Patch
Third Party Advisory
https://github.com/moonlight-stream/moonlight-ios/security/advisories/GHSA-g298-gp8q-h6j3
Third Party Advisory
https://github.com/moonlight-stream/moonlight-ios/commit/b0149b2fe9125a77ee11fe133382673694b6e8cc
Patch
Third Party Advisory
https://github.com/moonlight-stream/moonlight-ios/pull/405
Patch
Third Party Advisory
https://github.com/moonlight-stream/moonlight-ios/security/advisories/GHSA-g298-gp8q-h6j3
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:moonlight-stream:moonlight:*:*:*:*:*:iphone_os:*:*

Версия до 4.0.1 (исключая)

cpe:2.3:a:moonlight-stream:moonlight:*:*:*:*:*:tvos:*:*

Версия до 4.0.1 (исключая)

EPSS

Процентиль: 44%

0.00219

Низкий

6.1 Medium

CVSS3

8.2 High

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-300

CWE-200

EPSS

Процентиль: 44%

0.00219

Низкий

6.1 Medium

CVSS3

8.2 High

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-300

CWE-200